
New Member

Traffic leaking between PVLAN Isolated ports

Hi,

Is it possible to leak traffic between ports configured as 'PVLAN isolated'?

Task is pretty simple - there is an IP segment, terminated on a cat3750 SVI, and two test servers connected to this switch on ports configured for isolated PVLAN. I'd like to be sure there is no uncontrolled communication between those servers, except permitted traffic.

Both servers can reach the SVI IP address, but can't reach each other. So far, so good, PVLAN works. What about allowing some traffic between those hosts? Any ideas if that's possible at all, and how to configure the devices?

3 REPLIES

Re: Traffic leaking between PVLAN Isolated ports

Hi,

You could place the two servers in two different VLANs, let the Cat 3750 route between them and apply access-lists to control the desired traffic.

Have a look at

"Configuring Network Security with ACLs"

http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a0080403fec.html#

for all possibilities.

Hope this helps

Martin

New Member

Re: Traffic leaking between PVLAN Isolated ports

All servers are placed in one VLAN (IP subnet) and it's supposed to stay that way. The test is about PVLAN usage.

Anyone else?

New Member

Re: Traffic leaking between PVLAN Isolated ports

Use local proxy ARP on the SVI interface (ip local-proxy-arp). Then you can apply a RACL to limit traffic between servers for specific applications.

Regards,

Bostjan
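
A configuration sketch of the approach in the last reply, added here as an example and not posted by anyone in the thread: with local proxy ARP the SVI answers ARP requests for hosts in its own subnet, so server-to-server traffic is sent to the SVI and routed back out, where an inbound router ACL can filter it. The VLAN IDs, interface numbers, 192.0.2.0/24 addresses, ACL name and the permitted port are all assumptions made up for illustration.

```cisco
! Constructed example values: VLANs 100/101, Gi1/0/1-2, 192.0.2.0/24, ACL SRV-TO-SRV
! Private VLANs on the 3750 require VTP transparent mode; routing must be on
vtp mode transparent
ip routing
!
vlan 101
 private-vlan isolated
vlan 100
 private-vlan primary
 private-vlan association 101
!
! The two test servers stay in one subnet, on isolated host ports
interface range GigabitEthernet1/0/1 - 2
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
ip access-list extended SRV-TO-SRV
 remark hosts may always reach their gateway (the SVI address)
 permit ip 192.0.2.0 0.0.0.255 host 192.0.2.1
 remark the one permitted flow: TCP/22 from server A to server B
 permit tcp host 192.0.2.11 host 192.0.2.12 eq 22
 remark return traffic for that flow only
 permit tcp host 192.0.2.12 eq 22 host 192.0.2.11 established
 remark everything else between hosts of this subnet is dropped
 deny ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255
 remark traffic leaving the subnet is not affected by this policy
 permit ip any any
!
interface Vlan100
 ip address 192.0.2.1 255.255.255.0
 ! map the isolated secondary VLAN to the primary VLAN's SVI
 private-vlan mapping 101
 ! SVI replies to ARP for in-subnet hosts, pulling their traffic to layer 3
 ip local-proxy-arp
 ! RACL is evaluated on traffic the servers send into the SVI
 ip access-group SRV-TO-SRV in
```

`show vlan private-vlan` confirms the port-to-VLAN membership, and `show ip access-lists SRV-TO-SRV` shows per-entry match counters, which is a quick way to check that inter-server traffic is actually hitting the deny entry.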
